[NO TEST NEEDED] Can not test this in CI/CD system since it needs to be
merged in order for the Dockerfiles to even work.
Modified the /etc/subuid and /etc/subgid to be able to run in rootless
containers. The Range can not be the same as on the host.
Add /home/podman/.config/containers/containers.conf to automatically
mount /proc on /proc while inside of the container. This prevents
additional permissions being required that are blocked when not in
--privileged mode.
Setup volumes for /var/lib/containers and
/home/podman/.local/share/containwers
This will prevent the errors where people are doing overlay on overlay.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In the Buildah images, we had a problem where the testing image
was installed with an older version of Buildah than the stable
image. This was apparently due to quay.io using Docker and Dockerhub
which has a version of Fedora that did not let testing
version of Buildah to be installed as it should have been.
This change fully specifies the name of the fedora image to
use. This has not been a problem in Podman, but I'm carrying
this change here to avoid future problems.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Adding the changes to the Podman image Docker/Containerfiles similar
to @rhatdan 's changes in https://github.com/containers/buildah/pull/2332
In short it changes the perms on containers.conf so it can be used by a
rootless user.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
(Stealing from: @rhatdan 's https://github.com/containers/buildah/pull/2038 )
1 We need to update all packages in the podman image to make sure they are
up2date.
2 reinstall shadow-utils. For some reason the fedora base image does not
include the file capabilities assigned to /usr/bin/newuidmap and
/usr/bin/newgidmap. Reinstalling shadow-utils, brings them back.
3 Add a default user build to the system. This will create the
/etc/subuid and /etc/subgid maps get created correctly.
Once we have this we should be able to build a container starting with a non
privileged user
podman run -ti --user build --device=/dev/fuse -v ./Dockerfile:/Dockerfile:z quay.io/podman/stable podman buildd /
Addresses: #4741
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
In the Dockerfiles that are used to build the podman images on
quay.io, we were changing the events_logger from journald to
file in libpod.conf, but we weren't enabling it as we didn't
remove the comment. This corrects that and addresses: #3464
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
The Dockerfiles necessary to create the stable, testing and upstream container images
on quay.io/user/podman. Once this is commited, I will set up those images
such that they will be built with every git commit.
stable - Latest Fedora release image
testing - Latest release on bohdi Fedora testing
upstream - Latest version in upstream podman
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Daniel J Walsh
Kirill Shirinkin
TomSweeneyRedHat